From 201fe406534a95bdd8c46b25e81b11e9209ad2f1 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 7 May 2019 18:10:10 +0200
Subject: [PATCH] BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend
A typo was introduced in the following commit : 927b88ba0 ("BUG/MAJOR: mux-h2: fix race condition between close on both ends") making the test on h2s->cs never being done and h2c->cs being dereferenced without being tested. This also confirms that this condition does not happen on this side but better fix it right now to be safe. This must be backported to 1.9.
---
 src/mux_h2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mux_h2.c b/src/mux_h2.c
index eca85cbe21..6105f1bce1 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2078,7 +2078,7 @@ static struct h2s *h2c_bck_handle_headers(struct h2c *h2c, struct h2s *h2s)
 h2s->st = H2_SS_ERROR;
 else if (h2s->cs && (h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_OPEN)
 h2s->st = H2_SS_HREM;
- else if ((!h2s || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC)
+ else if ((!h2s->cs || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC)
 h2s_close(h2s);
 return h2s;
--
2.47.2
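Review bot: The corrected third branch mixes `||` with an unparenthesized `&`, while the branch just above it wraps its flag test. Writing it as `else if ((!h2s->cs || (h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS))) && h2s->st == H2_SS_HLOC)` keeps the null guard and the flag test visibly separate, which is the distinction the original typo blurred. The `if` that heads this chain lies outside the hunk, so it cannot be checked from here. If it reads `h2s->cs->flags` without first testing `h2s->cs`, a cs-less stream would still be dereferenced before control reaches the fixed branch, so that is worth confirming. A one-line comment above the branch, for example `/* h2s->cs may be NULL here: test it before reading its flags */`, would record why the guard is there.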